Lecture 8 

Primitive Roots (Prime Powers), Index Calculus 



Recap - if $p$ is prime, then there is a primitive root $g$ mod $p$, and its order mod $p$ is $p - 1 = q_1^{e_1} q_2^{e_2} \cdots q_r^{e_r}$. We showed that there are integers $g_i$ mod $p$ with order exactly $q_i^{e_i}$ (by counting the number of solutions to $x^{q_i^{e_i}} - 1 \equiv 0 \pmod p$). Set $g = \prod_i g_i$; it has order $\prod_i q_i^{e_i} = p - 1$.

Number of primitive roots - suppose that $m$ is an integer such that there is a primitive root $g$ mod $m$. How many primitive roots mod $m$ are there?

We want the order to be exactly $\phi(m)$. If we look at the integers $1, g, g^2, \ldots, g^{\phi(m)-1}$, these are all coprime to $m$ and distinct mod $m$. If we had $g^i \equiv g^j \pmod m$ ($0 \le i < j \le \phi(m) - 1$), then we'd have $g^{j-i} \equiv 1 \pmod m$ with $0 < j - i < \phi(m)$, contradicting the fact that $g$ is a primitive root.

Since there are $\phi(m)$ of these integers, they must be all the reduced residue classes mod $m$ (in particular, if $m = p$ is a prime, then $\{1, 2, \ldots, p-1\}$ is a relabeling of $\{1, g, \ldots, g^{p-2}\}$ mod $p$). Suppose that $a$ is a primitive root mod $m$; then $a \equiv g^k \pmod m$. Recall that the order of $g^k$ is
$$\frac{\operatorname{ord}(g)}{(k, \operatorname{ord}(g))} = \frac{\phi(m)}{(k, \phi(m))}.$$
So the only way for the order to be exactly $\phi(m)$ is for $k$ to be coprime to $\phi(m)$. I.e., the number of primitive roots mod $m$ is exactly $\phi(\phi(m))$ - if there's at least one. In particular, if $m = p$ is a prime, then the number of primitive roots is $\phi(p - 1)$.
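To see the count $\phi(\phi(m))$ and the description of primitive roots as powers $g^k$ concretely, here is an added Python example (not part of the lecture notes). It enumerates the primitive roots mod $m$ by a brute-force order test, checks that their number is $\phi(\phi(m))$ whenever there is at least one, and writes every primitive root as $g^k$ for the least primitive root $g$, recovering exactly the exponents $k$ coprime to $\phi(m)$. The function names are my own and the brute force is only meant for small moduli.

```python
from math import gcd


def phi(m):
    """Euler's totient by trial division (adequate for the small moduli used here)."""
    result, n, q = m, m, 2
    while q * q <= n:
        if n % q == 0:
            while n % q == 0:
                n //= q
            result -= result // q
        q += 1
    if n > 1:
        result -= result // n
    return result


def order(a, m):
    """Multiplicative order of a mod m, i.e. the least k >= 1 with a^k == 1 (mod m); needs gcd(a, m) == 1."""
    assert gcd(a, m) == 1
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k


def primitive_roots(m):
    """All primitive roots mod m in [1, m): the units whose order is exactly phi(m)."""
    ph = phi(m)
    return [g for g in range(1, m) if gcd(g, m) == 1 and order(g, m) == ph]


def roots_as_powers(m):
    """Write every primitive root mod m as g^k, g the least primitive root, and return the
    exponents k. The text predicts exactly the k in [0, phi(m)) coprime to phi(m).
    Returns None when m has no primitive root."""
    roots = primitive_roots(m)
    if not roots:
        return None
    g, ph = roots[0], phi(m)
    index = {pow(g, k, m): k for k in range(ph)}  # index table: g^k -> k
    return sorted(index[r] for r in roots)


def check_count(m):
    """True iff the number of primitive roots mod m is phi(phi(m)) (or 0 when there are none)."""
    roots = primitive_roots(m)
    return len(roots) == (phi(phi(m)) if roots else 0)


if __name__ == "__main__":
    for m in (13, 25, 18, 8):
        print(m, primitive_roots(m), roots_as_powers(m), phi(phi(m)), check_count(m))
```

For $m = 13$ the output lists the primitive roots $2, 6, 7, 11$, their exponents $1, 5, 7, 11$ (the residues coprime to $12$), and $\phi(12) = 4$; for $m = 8$ the list is empty, which anticipates Theorem 38 below.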

Conjecture 37 (Artin's Conjecture). Let $a$ be a natural number which is not a perfect square. Then there are infinitely many primes $p$ for which $a$ is a primitive root mod $p$.

This is an open question. Hooley proved it conditionally on GRH, and Heath-Brown showed that if $a$ is restricted to primes, then there are at most 2 values of $a$ for which the conjecture fails (the proof does not identify them).

(Definition) Discrete Log: Say $p$ is a prime, and $g$ is a primitive root mod $p$ (i.e., $1, g, g^2, \ldots, g^{p-2}$ are all the nonzero residue classes mod $p$). Say we have $a \not\equiv 0 \pmod p$. We know $a \equiv g^k$ for some $k$ ($0 \le k \le p - 2$); $k$ is called the index or the discrete log of $a$ to the base $g$ mod $p$. Computing $k$ from $a$ is believed to be computationally hard for large $p$ (no efficient classical algorithm is known, while computing $g^k$ from $k$ is easy), and this asymmetry is what Diffie-Hellman key exchange and related cryptosystems rely on.

Index Calculus - Let's say we're trying to solve a congruence $x^d \equiv 1 \pmod p$. Any $x$ which satisfies this congruence is coprime to $p$. So if $g$ is a primitive root mod $p$, we can write $x \equiv g^k \pmod p$. The new variable is now $k$:
$$x^d \equiv 1 \pmod p \iff g^{kd} \equiv 1 \pmod p \iff p - 1 = \operatorname{ord}(g) \text{ divides } kd$$
$$\iff \frac{p-1}{(d, p-1)} \text{ divides } \frac{d}{(d, p-1)}\, k \iff \frac{p-1}{(d, p-1)} \text{ divides } k$$
(the last step because $\frac{p-1}{(d,p-1)}$ and $\frac{d}{(d,p-1)}$ are coprime). So the set of solutions for $k$ is exactly the set of multiples of $\frac{p-1}{(d, p-1)}$ (remember $k$ is only defined modulo $p - 1$). So we can get all the solutions $x$ by raising $g$ to the exponent $k$, where $0 \le k < p - 1$ is a multiple of $\frac{p-1}{(d, p-1)}$. The number of solutions is
$$\frac{p-1}{\,(p-1)/(d, p-1)\,} = (d, p-1).$$



Similarly, if we're trying to solve the congruence $x^d \equiv a \pmod p$ (with $a \not\equiv 0 \pmod p$), we can write $a \equiv g^l \pmod p$, so if $x \equiv g^k$ as before then $g^{kd} \equiv g^l \pmod p$. This means that $g^{kd - l} \equiv 1 \pmod p \iff p - 1 \mid kd - l \iff kd \equiv l \pmod{p-1}$ ($k$ is the variable), which has a solution iff $(d, p-1)$ divides $l$, in which case it has exactly $(d, p-1)$ solutions.

Note:
$$(d, p-1) \text{ divides } l \iff p - 1 \text{ divides } \frac{l\,(p-1)}{(d, p-1)} \iff g^{l(p-1)/(d,p-1)} \equiv 1 \pmod p \iff a^{(p-1)/(d, p-1)} \equiv 1 \pmod p.$$
This gives a test for the solvability of $x^d \equiv a \pmod p$ that does not require knowing the index $l$ (for $d = 2$ it is Euler's criterion).
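The index-calculus procedure above, as an added Python example (not from the notes): it finds a primitive root $g$ of a small prime $p$, tabulates indices, reduces $x^d \equiv a \pmod p$ to the linear congruence $kd \equiv l \pmod{p-1}$, and checks the result against the solution count $(d, p-1)$ and the $a^{(p-1)/(d,p-1)}$ criterion from the note. The function names are mine. The index table is built by brute force, which is only feasible for small $p$; that this step has no known efficient analogue for large $p$ is exactly the hardness the discrete log remark above refers to.

```python
from math import gcd


def primitive_root(p):
    """Least primitive root mod the odd prime p: the least g with no g^k == 1 for 0 < k < p-1."""
    for g in range(2, p):
        if all(pow(g, k, p) != 1 for k in range(1, p - 1)):
            return g
    raise ValueError("p must be an odd prime")


def index_table(g, p):
    """Discrete logs to base g: maps a -> l with g^l == a (mod p), 0 <= l <= p-2.
    Brute force over all exponents, so only usable for small p."""
    return {pow(g, l, p): l for l in range(p - 1)}


def solve_linear_congruence(d, l, n):
    """All k in [0, n) with k*d == l (mod n): none unless gcd(d, n) | l, else exactly gcd(d, n)
    solutions, spaced n/gcd(d, n) apart (this is the 'multiples of (p-1)/(d, p-1)' step)."""
    e = gcd(d, n)
    if l % e:
        return []
    d1, l1, n1 = d // e, l // e, n // e
    k0 = (l1 * pow(d1, -1, n1)) % n1  # d1 is invertible mod n1 since gcd(d1, n1) == 1
    return [k0 + j * n1 for j in range(e)]


def solve_power_congruence(d, a, p):
    """All x in [1, p) with x^d == a (mod p), via indices: x = g^k, a = g^l, so k*d == l (mod p-1).
    a must be nonzero mod p."""
    g = primitive_root(p)
    l = index_table(g, p)[a % p]
    return sorted(pow(g, k, p) for k in solve_linear_congruence(d, l, p - 1))


def solvable_by_criterion(d, a, p):
    """The note's test: x^d == a (mod p) is solvable iff a^((p-1)/gcd(d, p-1)) == 1 (mod p)."""
    return pow(a, (p - 1) // gcd(d, p - 1), p) == 1


if __name__ == "__main__":
    p = 13
    for d, a in ((4, 1), (4, 3), (4, 2)):
        sols = solve_power_congruence(d, a, p)
        print(f"x^{d} = {a} mod {p}: {sols}  count={len(sols)} gcd={gcd(d, p - 1)} "
              f"criterion={solvable_by_criterion(d, a, p)}")
```

Mod 13 with $d = 4$ the run shows four solutions for $a = 1$ and for $a = 3$ (as $(4, 12) = 4$), and none for $a = 2$, where the criterion $2^{3} \equiv 8 \not\equiv 1 \pmod{13}$ already rules it out.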



Theorem 38. There's a primitive root mod $m$ iff $m = 1, 2, 4, p^e$, or $2p^e$ (where $p$ is an odd prime). Let's assume that $p$ is an odd prime and $e \ge 2$. We want to show that there's a primitive root mod $p^e$.

Part 1 - There's a primitive root mod $p^2$.

Proof. Choose $g$ to be a primitive root mod $p$, and use Hensel's Lemma to show there's a primitive root mod $p^2$ of the form $g + tp$ for some $0 \le t \le p - 1$. We know $(g + tp, p) = 1$ since $p \nmid g$ and $p \mid tp$. $\operatorname{ord}_{p^2}(g + tp)$ must divide $\phi(p^2) = p(p - 1)$.

On the other hand, if $(g + tp)^k \equiv 1 \pmod{p^2}$ then $(g + tp)^k \equiv 1 \pmod p$, so $g^k \equiv 1 \pmod p$, so $p - 1 \mid k$.

So $p - 1$ divides $\operatorname{ord}_{p^2}(g + tp)$. Since $\operatorname{ord}_{p^2}(g + tp)$ is a multiple of $p - 1$ and divides $p(p - 1)$, it's either equal to $p - 1$ or equal to $p(p - 1) = \phi(p^2)$. We'll show that there's exactly one value of $t$ for which the former happens. Since there are $p$ possible values of $t$ ($0 \le t \le p - 1$), each of the remaining $p - 1$ values gives a $g + tp$ which is a primitive root mod $p^2$.

Consider $f(x) = x^{p-1} - 1$: mod $p$ it has the root $g$. Since $f'(x) = (p - 1)x^{p-2}$ and $f'(g) = (p - 1)g^{p-2} \not\equiv 0 \pmod p$, by Hensel's Lemma there is a unique lift $g + tp$ of $g$ mod $p^2$ satisfying $x^{p-1} \equiv 1 \pmod{p^2}$. This is the unique lift for which the order mod $p^2$ is $p - 1$. This proves that there's a primitive root mod $p^2$. □

Part 2 - Let $g$ be a primitive root mod $p^2$. Then $g$ is a primitive root mod $p^e$ for every $e \ge 2$.

Proof. Since $\operatorname{ord}_{p^e}(g)$ divides $\phi(p^e) = p^{e-1}(p - 1)$ and also $p - 1 \mid \operatorname{ord}_{p^e}(g)$ (as in the proof of the previous part), $\operatorname{ord}_{p^e}(g)$ must be $p^k(p - 1)$ for some $0 \le k \le e - 1$. We want to show that $k = e - 1$. To see that, it's enough to show that $g^{p^{e-2}(p-1)} \not\equiv 1 \pmod{p^e}$ (every candidate order $p^k(p-1)$ with $k < e - 1$ divides $p^{e-2}(p-1)$).

We'll show it by induction (the base case is $e = 2$). $g^{p-1} \not\equiv 1 \pmod{p^2}$ is true because $g$ is a primitive root mod $p^2$, so its order is $p(p - 1)$. So say we know it for $e$.

We know that $\phi(p^{e-1}) = p^{e-2}(p - 1)$. So $g^{p^{e-2}(p-1)} \equiv 1 \pmod{p^{e-1}}$, while by the induction hypothesis $g^{p^{e-2}(p-1)} \not\equiv 1 \pmod{p^e}$. In other words, $g^{p^{e-2}(p-1)} = 1 + bp^{e-1}$ with $p \nmid b$. We need to show the statement for $e + 1$, i.e., $g^{\phi(p^e)} = g^{p^{e-1}(p-1)} \not\equiv 1 \pmod{p^{e+1}}$.

Raising $g^{p^{e-2}(p-1)} = 1 + bp^{e-1}$ to the power $p$ we get
$$g^{p^{e-1}(p-1)} = (1 + bp^{e-1})^p = 1 + p \cdot bp^{e-1} + \binom{p}{2}(bp^{e-1})^2 + \binom{p}{3}(bp^{e-1})^3 + \cdots \equiv 1 + bp^e \pmod{p^{e+1}}$$
(because for $e \ge 2$, $3e - 3 \ge e + 1$, and $p \mid \binom{p}{2}$ since $p$ is odd, so $\binom{p}{2} b^2 p^{2e-2}$ is divisible by $p^{2e-1}$ and $2e - 1 \ge e + 1$).

So $g^{p^{e-1}(p-1)} \equiv 1 + bp^e \pmod{p^{e+1}}$ with $p \nmid b$, which is $\not\equiv 1 \pmod{p^{e+1}}$. This completes the induction. □

Main Proof. Check $m = 1, 2, 4$ directly. For $p$ odd, $m = p^e$ is proved above. For $m = 2p^e$ ($p$ odd): $\phi(m) = \phi(2)\phi(p^e) = \phi(p^e)$. Let $g$ be a primitive root mod $p^e$. If $g$ is odd, it is a primitive root mod $m$: for odd $g$, $g^k \equiv 1 \pmod{2p^e}$ iff $g^k \equiv 1 \pmod{p^e}$ (the congruence mod 2 is automatic), so $\operatorname{ord}_m(g) = \operatorname{ord}_{p^e}(g) = \phi(p^e) = \phi(m)$. If $g$ is even, replace it by $g + p^e$, which is odd and still $\equiv g \pmod{p^e}$.

Now we show that nothing else works. Suppose $n = mm'$ with $m$ and $m'$ coprime and $m, m' > 2$; we'll show there is no primitive root mod $n$. By hypothesis ($m, m' > 2$) we know $\phi(m)$ and $\phi(m')$ are even. For $(a, n) = 1$ we have $(a, m) = 1 = (a, m')$. So $a^{\phi(m)} \equiv 1 \pmod m$ and $a^{\phi(m')} \equiv 1 \pmod{m'}$. So
$$a^{\phi(m)\phi(m')/2} = \left(a^{\phi(m)}\right)^{\phi(m')/2} \equiv 1 \pmod m,$$
and similarly
$$a^{\phi(m)\phi(m')/2} = \left(a^{\phi(m')}\right)^{\phi(m)/2} \equiv 1 \pmod{m'},$$
so $a^{\phi(m)\phi(m')/2} \equiv 1 \pmod n$. But $\phi(n) = \phi(m)\phi(m')$, so $\operatorname{ord}_n(a) \le \phi(n)/2 < \phi(n)$. So $a$ can't be a primitive root mod $n$.

The only remaining candidates are $n = 2^k$ for $k \ge 3$. There is no primitive root mod 8 since $\text{odd}^2 \equiv 1 \pmod 8$ (and $\phi(8) = 4$). So if $a$ is odd, $a^2 = 1 + 8c$ for some integer $c$. One shows by induction that $a^{2^{k-2}} \equiv 1 \pmod{2^k}$ for $k \ge 3$: squaring $a^{2^{k-2}} = 1 + c'2^k$ gives $1 + c'2^{k+1} + c'^2 2^{2k} \equiv 1 \pmod{2^{k+1}}$. Since $\phi(2^k) = 2^{k-1}$, we see there is no primitive root mod $2^k$.
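An added Python example (not from the lecture) that checks the pieces of the proof of Theorem 38 numerically: the Hensel lift of Part 1 (exactly one of the $p$ lifts $g + tp$ of a primitive root $g$ mod $p$ has order $p - 1$ mod $p^2$), the Part 2 criterion $g^{p^{e-2}(p-1)} \not\equiv 1 \pmod{p^e}$, the odd adjustment for $2p^e$, and the two non-existence arguments ($a^{\phi(n)/2} \equiv 1$ for every unit when $n$ has two coprime factors $> 2$, and $a^{2^{k-2}} \equiv 1 \pmod{2^k}$ for odd $a$). Function names are mine; everything is brute force for small $p$.

```python
from math import gcd


def least_primitive_root(p):
    """Least primitive root mod the odd prime p (brute force: no proper power equals 1)."""
    return next(g for g in range(2, p) if all(pow(g, k, p) != 1 for k in range(1, p - 1)))


def lifts_with_order_p_minus_1(g, p):
    """Part 1: among the p lifts g + t*p (0 <= t < p) of a primitive root g mod p, return the t
    with (g + t p)^(p-1) == 1 (mod p^2), i.e. the lifts whose order mod p^2 is only p-1.
    Hensel's Lemma predicts exactly one such t; every other lift is a primitive root mod p^2."""
    return [t for t in range(p) if pow(g + t * p, p - 1, p * p) == 1]


def is_primitive_root_mod_prime_power(x, p, e):
    """Part 2 criterion, valid when x is a primitive root mod p: the order mod p^e is p^k (p-1),
    so it equals phi(p^e) = p^(e-1)(p-1) iff x^(p^(e-2)(p-1)) != 1 (mod p^e), e >= 2."""
    assert e >= 2
    return pow(x, p ** (e - 2) * (p - 1), p ** e) != 1


def hensel_primitive_root(p, e):
    """Primitive root mod p^e (odd prime p, e >= 2): take the least primitive root g mod p and any
    lift g + t*p other than the unique bad t; by Part 2 it is then a primitive root for every e."""
    g = least_primitive_root(p)
    bad = lifts_with_order_p_minus_1(g, p)
    assert len(bad) == 1, "Hensel predicts exactly one lift of order p-1"
    t = 1 if bad[0] == 0 else 0
    x = g + t * p
    assert is_primitive_root_mod_prime_power(x, p, e)
    return x


def primitive_root_mod_2pe(p, e):
    """Main proof: an odd primitive root mod p^e is a primitive root mod 2p^e; if the one found is
    even, add p^e, which makes it odd without changing it mod p^e."""
    x = hensel_primitive_root(p, e)
    return x if x % 2 == 1 else x + p ** e


def half_phi_kills_all_units(n):
    """True iff every unit a mod n satisfies a^(phi(n)/2) == 1 (mod n), which rules out a primitive
    root. phi(n) is computed by counting units. The proof shows this for n = m*m' with coprime
    m, m' > 2 and for n = 2^k, k >= 3; moduli that do have a primitive root (9, 18, ...) give False."""
    units = [a for a in range(1, n) if gcd(a, n) == 1]
    return all(pow(a, len(units) // 2, n) == 1 for a in units)


def odd_powers_collapse_mod_2k(k):
    """n = 2^k, k >= 3: every odd a has a^(2^(k-2)) == 1 (mod 2^k), only half of phi(2^k) = 2^(k-1)."""
    n = 1 << k
    return all(pow(a, 1 << (k - 2), n) == 1 for a in range(1, n, 2))


if __name__ == "__main__":
    for p in (3, 5, 7, 11):
        g = least_primitive_root(p)
        print(f"p={p}: g={g}, bad t={lifts_with_order_p_minus_1(g, p)}, "
              f"root mod {p}^3: {hensel_primitive_root(p, 3)}, mod 2*{p}^3: {primitive_root_mod_2pe(p, 3)}")
    print([n for n in range(3, 40) if half_phi_kills_all_units(n)])  # no primitive root
    print(all(odd_powers_collapse_mod_2k(k) for k in range(3, 12)))
```

The printed list of moduli without a primitive root (8, 12, 15, 16, 20, 21, 24, ...) is exactly the set of $n < 40$ not of the form $1, 2, 4, p^e, 2p^e$, which is the content of Theorem 38.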